Winpeas logs full of garbage exceptions. Error looking for regex define ?\(['"](\w*pass|\w*pwd|\w*user|\w*datab)

bmigette commented 6 months ago

If you are going to suggest something, please remove the following template. If your issue is related with WinPEAS.ps1 please mention https://github.com/RandolphConley

Issue description

Winpeas logs full of garbage exceptions. The same exception repeat 1000s of time, causing output log to be up to 100Mb

Steps to reproduce the issue

Run winpeas. Tested with release https://github.com/carlospolop/PEASS-ng/releases/tag/20240310-532aceca

Which parameters did you use for executing the script and how did you execute it?

*Evil-WinRM* PS C:\tmp> .\winPEASx64.exe log=winpeas.log

If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?

N/A

Is there any AV / Threat protection in the system?

No

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

Windows 10 / Server 2019 Build 19041

Please, indicate the check that is failing and add a screenshot showing the problem

[1;36m════════════════════════════════════╣ [1;32mFile Analysis[1;36m ╠════════════════════════════════════[0m

[1;36m╔══════════╣ [1;32mFound NFS Exports Files[0m
File: C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\CommonExtensions\Microsoft\Web\[0m[1;31mExports[0m
[1;90mError looking for regex define ?\(['"](\w*pass|\w*pwd|\w*user|\w*datab)
 inside files: System.ArgumentException: parsing "define ?\\(['"](\\w*pass|\\w*pwd|\\w*user|\\w*datab)" - Not enough )'s.
   at System.Text.RegularExpressions.RegexParser.ScanRegex()
   at System.Text.RegularExpressions.RegexParser.Parse(String re, RegexOptions op)
   at System.Text.RegularExpressions.Regex..ctor(String pattern, RegexOptions options, TimeSpan matchTimeout, Boolean useCache)
   at winPEAS.Checks.FileAnalysis.SearchContent(String text, String regex_str, Boolean caseinsensitive)[0m
[1;90mError looking for regex define ?\(['"](\w*pass|\w*pwd|\w*user|\w*datab)
 inside files: System.ArgumentException: parsing "define ?\\(['"](\\w*pass|\\w*pwd|\\w*user|\\w*datab)" - Not enough )'s.
   at System.Text.RegularExpressions.RegexParser.ScanRegex()
   at System.Text.RegularExpressions.RegexParser.Parse(String re, RegexOptions op)
   at System.Text.RegularExpressions.Regex..ctor(String pattern, RegexOptions options, TimeSpan matchTimeout, Boolean useCache)
   at winPEAS.Checks.FileAnalysis.SearchContent(String text, String regex_str, Boolean caseinsensitive)[0m

How did you expect it to work?

No exceptions filling logs

Additional details / screenshot

┌──(babadmin㉿kakali) - 19:59:45 - [~/xxx]
└─$ grep -a -e "Error looking for regex define" winpeas.log | wc -l
19423

superboy-zjc commented 6 months ago

same issue

perceval1252 commented 6 months ago

I also have the same issue

StayPirate commented 6 months ago

Same here. The affected version for me is Version: 20240310.532aceca-0kali1.

StayPirate commented 6 months ago

I reverted back to 20240221-e5eff12e which is the last unaffected release. That means the bug was introduced at https://github.com/carlospolop/PEASS-ng/compare/20240221-e5eff12e...20240223-ab2bb023.

superboy-zjc commented 6 months ago

I reverted back to 20240221-e5eff12e which is the last unaffected release. That means the bug was introduced at 20240221-e5eff12e...20240223-ab2bb023.

Thanks for your valuable information.

achute commented 6 months ago

same issue - worked with 20240221-e5eff12e

carlospolop commented 6 months ago

Thanks for the info guys, specially to @StayPirate! I have reverted the changes from that PR and there should be a new release in some mins, let me know if that fix it pls!

bmigette commented 6 months ago

@carlospolop Tried on one windows machine today (not the same as before though), and didn't got the issue. Will try on a few others and update if I still face the issue

carlospolop commented 1 month ago

This should be fixed, feel free to reopen it is it's not

peass-ng / PEASS-ng